CVE-2021-2274

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10

Description: The issue is related to errors in the code of the User Interface component of the Oracle E-Business Tax product. It allows a low-privileged attacker with network access via HTTP to compromise Oracle E-Business Tax, resulting in unauthorized creation, deletion, or modification access to critical data or all Oracle E-Business Tax accessible data, as well as unauthorized access to critical data or complete access to all Oracle E-Business Tax accessible data.

Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of the Oracle E-Business Tax product until a patch is available.